Interactive disassembler

from Wikipedia, the free encyclopedia
Basic data

Developer: Hex-Rays
Current version: 7.5 (May 19, 2020)
Operating system: Microsoft Windows, Linux, Mac OS X
Programming language: C++
Category: Disassembler
License: Proprietary
German-language version: No
Website: www.hex-rays.com/products/ida/index.shtml

The Interactive Disassembler (IDA) is a disassembler that converts binary code into assembly language. It supports processors from different manufacturers and processor families. For the automatic analysis of the binary code, IDA takes into account the compiler used and a database with metadata of known functions. This results in a particularly high recognition rate for library functions and their names, which considerably simplifies understanding the generated code later on.

The ability to intervene interactively in the analysis of the binary code lets experienced users bring their knowledge of the program or its structure into the decoding. Ultimately, no program can decode binary code with 100% accuracy, so the analysis benefits from user interaction.

In this way, code that was incorrectly interpreted as data can be converted into the correct representation, and complex data structures and data types can also be specified in IDA. When data is converted into code, IDA automatically carries out a function-related analysis of that code, structures it accordingly, and assigns jump labels or names.

In newer versions, IDA can execute the binary code on Intel processors under its control and set breakpoints with a debugger. This opens up new possibilities for understanding the program flow of the analyzed binary code.

Scripting

Extensions expand the range of functions. Some helpful scripts are already included and can serve as templates for your own extensions. Most often, scripts are used to further modify the generated code. External symbol tables can be loaded and the function names of the original source code can be restored. Extensions exist as so-called IDC scripts and as Python-based scripts.
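The symbol-restoring use described above, as an added example that is not taken from this article or from Hex-Rays: a Python sketch that parses an external symbol table and applies the names with the IDAPython call `ida_name.set_name`. The `nm`-style input format, the sample data and the helper names `parse_symbols` and `apply_symbols` are assumptions made for illustration.

```python
import re

try:                       # IDAPython modules exist only inside IDA
    import ida_name
except ImportError:
    ida_name = None

# Constructed sample in `nm` output format: address, type letter, name.
SAMPLE_NM = """\
0000000000401000 T main
0000000000401050 t parse_header
0000000000404010 D g_config
                 U printf
0000000000401120 W verify_checksum
"""

_LINE = re.compile(r"^([0-9A-Fa-f]+)\s+([A-Za-z])\s+(\S+)$")


def parse_symbols(text, code_only=True):
    """Return {address: name}; undefined symbols (no address) are skipped."""
    symbols = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        addr, kind, name = int(m.group(1), 16), m.group(2), m.group(3)
        if code_only and kind not in "TtWw":   # keep text and weak symbols
            continue
        symbols.setdefault(addr, name)         # first name wins for aliases
    return symbols


def apply_symbols(symbols, delta=0, set_name=None):
    """Name each address (+delta for a rebased image); return the failures."""
    if set_name is None:
        if ida_name is None:
            raise RuntimeError("run inside IDA or pass a set_name callable")

        def set_name(ea, name):
            # SN_NOWARN: report failure via the return value, not a dialog
            return ida_name.set_name(ea, name, ida_name.SN_NOWARN)
    return [(ea + delta, name) for ea, name in sorted(symbols.items())
            if not set_name(ea + delta, name)]
```

Inside IDA, `apply_symbols(parse_symbols(open(path).read()))` renames the listed addresses and returns the entries IDA rejected, for example names that are already in use elsewhere in the database.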

There are several websites that deal specifically with IDA scripting and offer help on common problems.

Areas of application

IDA is suitable for analyzing your own programs, for example to check the effectiveness of the compiler used, as well as for analyzing third-party programs. Security researchers can use the software, for example, to detect security gaps or to understand how a malware program works.

Systems supported

Literature

  • Chris Eagle: The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. No Starch Press, USA 2008, ISBN 1-59327-178-6, 640 pp.
